User Guide: AMF Security Controller version 2.1.0

Switches




OpenFlow Switch List

This page shows a list of OpenFlow Switches which were registered in AMF Security's database.


Table 1: Target columns for search and sort operations
Item Name Search Sort
Switch ID × ×
Datapath ID × ×
Upstream Port × ×
Account Group ID × ×
Note × ×

Table 2: Displayed columns
Item Name Description
Switch ID ID (Name) of the registered OpenFlow Switch.
Datapath ID OpenFlow Switch's Datapath ID (used by OpenFlow controller to identify this switch). In most cases, It is automatically generated or configured on the switch.
Upstream Port Upstream port of the switch.
Account Group ID Account Group to which the OpenFlow Switch belongs.
Note Arbitrary string (comment) for the OpenFlow Switch.

Table 3: Buttons
Item Name Description
Page Top
Add OpenFlow Switch Open the Add OpenFlow Switch page.
Active OpenFlow Switch List Open the Active OpenFlow Switch List page.
Export to CSV Start downloading of a list of switches in CSV format.
OpenFlow Switch List
Heading Row
Delete Selected Delete all the checked switches.
Each Row
Edit Open the Update OpenFlow Switch page for the selected OpenFlow Switch.
Delete Delete the switch.
Note
Refer to Appendix > CSV File for CSV Files.

Add OpenFlow Switch

This page lets you add a new OpenFlow Switch.
The switch added here can be referenced when you configure a location.
Note
Although AMF Security can manage OpenFlow Switches even if they are unregistered, you have to register them in order to specify upstream port individually or authenticate devices by their locations.
Note
With this setting, AMF Security resets packet control flows existing on the OpenFlow Switch.
In addition, the connection with the OpenFlow Switch is temporarily disconnected.


Table 4: Sample Configuration Data
Item Name Description
Switch ID (Mandatory) Name of the OpenFlow Switch.
Switch ID and Name that are already used cannot be set on the OpenFlow Switch List page and the AMF Member List page.
Max 255 characters.

When you click the "Register" button on Active OpenFlow Switch List, the switch's "Hardware Info" is automatically set in this field (can be changed). If it's the same as an existing Switch ID, "_X" (X is a number) is appended to the "Hardware Info" (e.g. AT-TQ4600_1).
Datapath ID (Mandatory) OpenFlow Switch's Datapath ID (used by OpenFlow controller to identify this switch).
There's no need to change this in most cases because it is automatically generated or configured. Auto-generated Datapath ID is a 16 character HEX string which added leading zeros to the switch's MAC address.
Datapath ID must be unique.
Upstream Port Upstream port of the switch.
Only one upstream port can be specified for a switch.
Port can be specified as either a port name or an OpenFlow port number.
Account Group ID Select Account Group ID to which OpenFlow Switch belongs.
Note Arbitrary string (comment) for the switch.
Max 255 characters.
Note
If datapath ID is inconsistent between the AMF Security and the switch, packet forwarding ceases on its OpenFlow ports.
Note
Datapath ID of an OpenFlow Switch cannot be changed from AMF Security.

Name of the upstream ports may vary depending on the model of the OpenFlow Switches.

Table 5: Valid Upstream Port Names.
Port Name Description
AlliedWare Plus Devices
portX.Y.Z X - always "1"
Y - Expansion bay number. "0" for a base (non-expansion) port.
Z - Port number printed on the product. It is different from OpenFlow port number.
AT-TQ series wireless access point
eth0 Ethernet Port (Wired Interface) OpenFlow Port Number is always "1".
For an AlliedWare plus switch, OpenFlow port numbers can vary depending on the configurations of the switch. They can be confirmed on the OpenFlow Switch Detail page.
Note
When you are using both AlliedWare plus switches and AT-TQ wireless access points as OpenFlow Switches, configure an upstream port for each OpenFlow Switch separately instead of using the "Default Upstream Port" on the System Settings > OpenFlow Settings page.

Table 6: Buttons
Item Name Description
Page Bottom
Submit Add the OpenFlow Switch.
Cancel Cancel the operation for adding a new OpenFlow Switch.

Update OpenFlow Switch

This page lets you update the information of an existing OpenFlow Switch.
Note
When you update information of an OpenFlow Switch, AMF Security resets packet control flows existing on the OpenFlow Switch.
In addition, the connection with the OpenFlow Switch is temporarily disconnected.


Table 7: Configurable fields
Item Name Description
Switch ID (Mandatory) Name of the OpenFlow Switch.
Switch ID and Name that are already used cannot be set on the OpenFlow Switch List page and the AMF Member List page.
Max 255 characters.
Datapath ID (Mandatory) OpenFlow Switch's Datapath ID (used by OpenFlow controller to identify this switch).
There's no need to change this in most cases because it is automatically generated or configured. Auto-generated Datapath ID is a 16 character HEX string which added leading zeros to the switch's MAC address.
Datapath ID must be unique.
Upstream Port Upstream port of the switch.
Only one upstream port can be specified for a switch.
Port can be specified as either a port name or an OpenFlow port number.
If "Default Upstream Port" is configured on the System Settings > OpenFlow Settings page, it is used in case this field is empty.
Account Group ID Select Account Group ID to which OpenFlow Switch belongs.
Note Arbitrary string (comment) for the switch.
Max 255 characters.
Note
If datapath ID is inconsistent between the AMF Security and the switch, packet forwarding ceases on its OpenFlow ports.

Name of the upstream ports may vary depending on the model of the OpenFlow Switches.

Table 8: Valid Upstream Port Names.
Port Name Description
AlliedWare Plus Devices
portX.Y.Z X - always "1"
Y - Expansion bay number. "0" for a base (non-expansion) port.
Z - Port number printed on the product. It is different from OpenFlow port number.
AT-TQ series wireless access point
eth0 Ethernet Port (Wired Interface) OpenFlow Port Number is always "1".
For AlliedWare plus switch, OpenFlow port numbers can vary depending on the configurations of the switch. They can be confirmed on the OpenFlow Switch Detail page.
Note
When you are using both AlliedWare plus switches and AT-TQ wireless access points as OpenFlow Switches, configure an upstream port for each OpenFlow Switch separately instead of using the "Default Upstream Port" on the System Settings > OpenFlow Settings page.

Table 9: Buttons
Item Name Description
Page Bottom
Submit Update the information of the OpenFlow Switch.
Cancel Cancel the operation for updating the switch.


Active OpenFlow Switch List

This page shows a list of OpenFlow Switches which have established connections with AMF Security.
When Account Group is set, only OpenFlow Switches belonging to the Account Group to which the logged-in Account belongs are displayed.
When an OpenFlow Switch whose IP address and Datapath ID are the same with an existing OpenFlow Switch listed on this page, an existing session is closed and a new session is established. If an OpenFlow Switch whose Datapath ID is the same as an existing switch but its IP address is different from the existing switch's, a new session is not established.


Table 10: Target columns for search, filter and sort operations
Item Name Search Filter Sort Note
Datapath ID × ×  
Switch ID * × * "Unregistered" cannot be matched.
IPv4 Address × ×  
Status × × * * Sorted in the order of "Negotiating" and "Ready".
Upstream Port * × * Only Switch Port Number before parenthesis and OpenFlow Port Number in parenthesis can be matched.
Hardware Info × ×  

Table 11: Displayed columns
Item Name Description
Datapath ID OpenFlow Switch's Datapath ID (used by OpenFlow controller to identify this switch).
When clicked, the OpenFlow Switch Detail page is displayed.
Switch ID ID (Name) of the registered OpenFlow Switch.
When clicked, the Update OpenFlow Switch page is displayed.
If the switch is not registered, a text "Unregistered" and the "Register" button are displayed.
IPv4 Address IPv4 address of the switch.
Status Status of the switch.
  • Negotiating: the switch is preparing synchronization with AMF Security where they are initializing OpenFlow functions, confirming packet control flow, configuring upstream port name and OpenFlow port numbers. Negotiating also means that an upstream port name and the OpenFlow port numbers are inconsistent.
  • Ready: the switch completed initialization of OpenFlow functions and now it's ready for devices to connect.
Upstream Port Port Name and OpenFlow Port Number of the upstream port.
Hardware Info Hardware information provided by the switch.

Table 12: Buttons
Item Name Description
Page Top
OpenFlow Switch List Open the OpenFlow Switch List page.
Export to CSV Start downloading of a list of switches in CSV format.
Refresh Refresh the Active OpenFlow Switch List page.
Active OpenFlow Switch List
Heading Row
Clear Flows Selected Clear all flow entries on the checked OpenFlow Switches and close the connection (TCP session) with the OpenFlow Switch.
Each Row
Clear Flows Clear all flow entries on the OpenFlow Switch and close the connection (TCP session) with the OpenFlow Switch.
Submit (only when the switch is not registered)
Open the Add OpenFlow Switch page.
Edit (only when the switch is registered)
Open the Update OpenFlow Switch page.
Note
Refer to Appendix > CSV File for CSV Files.


OpenFlow Switch Detail

This page shows detailed information of an OpenFlow Switch.


Table 13: Displayed columns
Item Name Description
Switch ID ID (Name) of the registered OpenFlow Switch.
Datapath ID OpenFlow Switch's Datapath ID (used by OpenFlow controller to identify this switch).
IPv4 Address IPv4 address of the switch.
Protocol Version OpenFlow protocol version being used for the connection with the switch.
Status Status of the switch.
  • Negotiating: the switch is preparing synchronization with AMF Security where they are initializing OpenFlow functions, confirming packet control flow, configuring upstream port name and OpenFlow port numbers. Negotiating also means that an upstream port name and the OpenFlow port numbers are inconsistent.
  • Ready: the switch completed initialization of OpenFlow functions and now it's ready for devices to connect.
Manufacturer Manufacturer information provided by the switch.
Hardware Info Hardware information provided by the switch.
Software Info Software information provided by the switch.
Serial Number Serial number provided by the switch.
Datapath Description Datapath description provided by the switch.
OpenFlow Port List List of OpenFlow ports of the switch.

Table 14: Displayed columns on OpenFlow Port List
Item Name Description
Number OpenFlow Port Number
Name Port Name
Status Link status of the port
MAC Address MAC address of the port
Upstream Port An * is displayed for the port used as the upstream port.
Note
A link status of a port is either up or down for AlliedWare Plus switches. A link status is always up for AT-TQ series wireless LAN access points.


Table 15: Port Name
Port Name Description
AlliedWare Plus Devices
portX.Y.Z X - always "1"
Y - Expansion bay number. "0" for a base (non-expansion) port.
Z - Port number printed on the product. It is different from OpenFlow port number.
eth0 Management port (only for the AlliedWare plus switch supporting it)
AT-TQ series wireless access point
eth0 Ethernet Port (Wired Interface) OpenFlow Port Number is always "1".
wlanX radio interface.
athX radio interface.
For AlliedWare plus switch, OpenFlow port numbers can vary depending on the configurations of the switch.

Table 16: Buttons
Item Name Description
Page Top
Back Go back to the Active OpenFlow Switch List page.
Refresh Refresh the OpenFlow Switch Detail page.
Status
Show Flows Open the OpenFlow Switch Flow List page.

OpenFlow Switch Flow List

OpenFlowスイッチが持つ、AMF Securityから送られたフローを表示します。


Table 17: Buttons
Item Name Description
Page Top
Back Open the OpenFlow Switch Detail page.
Refresh Refresh the OpenFlow Switch Flow List page.

AMF Member List

This page shows a list of MAC addresses registered in AMF Security's database.


Table 18: Target columns for search and sort operations
Item Name Search Sort
Name × ×
Account Group ID × ×
Note × ×

Table 19: Displayed columns
Item Name Description
Name Name of a registered AMF Member
Account Group ID Account Group ID to which the AMF Member belongs.
Note Arbitrary string (comment) for the AMF Member.

Table 20: Buttons
Item Name Description
Page Top
AMF Member Add Open the AMF Member Add page.
Active AMF Member List Open the Active AMF Member List page.
Export to CSV Start downloading of a list of AMF Members in CSV format.
AMF Member List
Heading Row
Delete Selected Delete authentication information of the checked AMF Members.
Each Row
Edit Open the AMF Member Update page for the selected AMF Member.
Delete Delete information of the selected AMF Member.
Note
Refer to Appendix > CSV File for CSV Files.


AMF Member Add

This page lets you register a new AMF Member.
Note
When you register as an AMF member, AMF Security removes all authentication information for that AMF member.


Table 21: Configurable fields
Item Name Description
Name Name of the AMF Member.
Switch ID and Name that are already used cannot be set on the OpenFlow Switch List page and the AMF Member List page.
Max 255 characters. Can use alphanumeric, hyphen (-) and underscore (_).
Account Group ID Select Account Group ID to which AMF Member belongs.
Note Arbitrary string (comment) for the AMF Member.
Max 255 characters.
Note
Name must be the same as the host name of AMF Member. This is because AMF Member is managed by the host name of AMF Member.
Note
Since the name of the AMF Member cannot be registered twice, make sure that the host name of the AMF Member is also unique.

Table 22: Buttons
Item Name Description
Page Bottom
Submit Register information of the AMF Member.
Cancel Cancel the operation for adding a new AMF Member.

AMF Member Update

This page lets you update the information of an existing AMF Member.
Note
When you update an AMF member, AMF Security removes all authentication information for that AMF member.


Table 23: Configurable fields
Item Name Description
Name Name of the AMF Member.
Switch ID and Name that are already used cannot be set on the OpenFlow Switch List page and the AMF Member List page.
Max 255 characters. Can use alphanumeric, hyphen (-) and underscore (_).
Account Group ID Select Account Group ID to which AMF Member belongs.
Note Arbitrary string (comment) for the AMF Member.
Max 255 characters.
Note
Name must be the same as the host name of AMF Member. This is because AMF Member is managed by the host name of AMF Member.

Table 24: Buttons
Item Name Description
Page Bottom
Submit Update information of the selected AMF Member.
Cancel Cancel the operation for updating the AMF Member information.

Active AMF Member List

This page shows a list of AMF Members which have established connections with AMF Security.
When Account Group is set, only AMF Members belonging to the Account Group to which the logged-in Account belongs are displayed.


Table 25: Target columns for search, filter and sort operations
Item Name Search Filter Sort
Name × ×
Registration Status × ×
Domain Name × ×
IPv4 Address × ×
Latest Access × ×

Table 26: Displayed columns
Item Name Description
Name Name of the AMF Member (An identifier used by AMF Security)
Registration Status Registration status of the AMF Member
Click "Register" to open the AMF Member Add page.
If the AMF Member is not registered, a text "Unregistered" and the "Register" button are displayed.
Domain Name Domain name of the AMF Member.
IPv4 Address IPv4 address of the AMF Member.
Latest Access Displays the date and time when AMF Security and AMF Member last communicated.
Note
If the "application-proxy whitelist advertised-address" is not set for the AMF Member, the IP Address of the AMF management VLAN is displayed. If "application-proxy whitelist advertised-address" is set for the AMF Member, the primary IPv4 Address of the specified interface is displayed, but no inquiry has been received regarding the availability of node under the corresponding AMF Member shows the IP Address of the AMF management VLAN.

Table 27: Buttons
Item Name Description
Page Top
AMF Member List Open the AMF Member List page.
Export to CSV Start downloading of a list of Active AMF Members in CSV format.
Active AMF Member List
Heading Row
Delete Selected Delete authentication information of the checked AMF Members.
Each Row
Submit Open the AMF Member Update page for the selected AMF Member.
Sync Get information of the selected AMF Member.

To use this feature, your Proxy Node and Edge Nodes must have AlliedWare Plus firmware version 5.4.9-1.x or later installed. Also, enable the "service http" command on both the Proxy Node and the Edge Nodes.
Delete Delete information of the selected AMF Member.
Note
Refer to Appendix > CSV File for CSV Files.


14 Jun 2021 09:30